
Can you get a virus via a virtual machine?

Can a virus travel from a VM to a host machine?


  • Total voters
    8

=MGN=RedEagle

Well-known member
#1
Hi guys,

If I install Linux via a VM on my PC, can a virus travel through the VM and harm my PC? What if I transfer files from my VM to my PC?

Can I infect the VM from the PC by transferring data?


I should mention that you guys are awesome and have been a huge help to me! :)
 

AlexT

Well-known member
#2
Yes and yes. Transfer via file transfer should be obvious if the transferred file is infected. Otherwise it depends on the security of the underlying hypervisor that runs the VM. It's not unheard of that hypervisors (VirtualBox, VMware, Xen, KVM, ...) have been exploited, allowing an app to escape the guest and attack the host. Some reads:

http://blogs.gartner.com/neil_macdonald/2011/01/26/yes-hypervisors-are-vulnerable/
http://threatpost.com/virtual-machine-escape-exploit-targets-xen-090612/
http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php
http://vsphere-land.com/news/escaping-the-cave-a-vmware-admins-worst-fear.html
 

=MGN=RedEagle

Well-known member
#3
Yes and yes. Transfer via file transfer should be obvious if the transferred file is infected. Otherwise it depends on the security of the underlying hypervisor that runs the VM. It's not unheard of that hypervisors (VirtualBox, VMware, Xen, KVM, ...) have been exploited, allowing an app to escape the guest and attack the host. Some reads:

http://blogs.gartner.com/neil_macdonald/2011/01/26/yes-hypervisors-are-vulnerable/
http://threatpost.com/virtual-machine-escape-exploit-targets-xen-090612/
http://www.vupen.com/blog/20120904.Advanced_Exploitation_of_Xen_Sysret_VM_Escape_CVE-2012-0217.php
http://vsphere-land.com/news/escaping-the-cave-a-vmware-admins-worst-fear.html
Thanks for that input. If I move an infected drive from a PC to a Linux machine, will that drive infect the Linux machine? I figured the vast majority would face compatibility issues.
 

Adam Howard

Well-known member
#4
Thanks for that input. If I move an infected drive from a PC to a Linux machine, will that drive infect the Linux machine? I figured the vast majority would face compatibility issues.
It can. The old myth (once fact, now myth) that there are no self-executing programs in Linux... is a myth today. And viruses can be cross-platform as well (the same thing can run on Windows, Linux, Apple, Android, iPhone, etc.).

You're better off setting up this virtual PC inside a sandbox and inside another virtual PC.

Off topic:

The evil people that make such things.... They're getting smarter and a lot of people are playing catch up to them.

The most infectious computer virus is a firmware that adds itself to all your firmware. It doesn't technically do anything, except add 2 lines of code (hello world) and it wasn't ever released in the wild (thankfully). But it was a good example of things to come.... Imagine having to replace all your hardware, because connecting it to something new means infecting hardware with contact.
 

EQnoble

Well-known member
#5
It can. The old myth (once fact, now myth) that there are no self-executing programs in Linux... is a myth today. And viruses can be cross-platform as well (the same thing can run on Windows, Linux, Apple, Android, iPhone, etc.).

You're better off setting up this virtual PC inside a sandbox and inside another virtual PC.

Off topic:

The evil people that make such things.... They're getting smarter and a lot of people are playing catch up to them.

The most infectious computer virus is a firmware that adds itself to all your firmware. It doesn't technically do anything, except add 2 lines of code (hello world) and it wasn't ever released in the wild (thankfully). But it was a good example of things to come.... Imagine having to replace all your hardware, because connecting it to something new means infecting hardware with contact.
Are you talking about firmware rootkits?
 

Adam Howard

Well-known member
#6
Are you talking about firmware rootkits?
Something along those lines, yes. The infection was able to apply itself to things which normally you wouldn't be expecting (mouse, keyboard, BIOS, hard drive, etc.). If it had firmware, even stuff that typically wasn't thought flashable... It made it.

Think "HIV" for technology.... Make any data exchange of any kind and you were infected.
 

Biker

Well-known member
#9
There are prudent measures and then there's paranoia. Don't fall into the latter. Take your standard precautions, scan your machines regularly, and leave the paranoia at the door.
 

ManagerJosh

Well-known member
#10
There is no 100% level of security. There will always be some level of risk by using a computer. At some point it simply becomes cost prohibitive.

The best thing to do is take the most reasonable amount of precautions possible.
 

=MGN=RedEagle

Well-known member
#11
Hi guys,

You have been a huge help! Question, is a VM in a VM safer or a separate Ubuntu computer safer? I can afford both. Just want to know which system is better if you want to protect high-value online assets which people are actively trying to hack.
 

ManagerJosh

Well-known member
#12
Hi guys,

You have been a huge help! Question, is a VM in a VM safer or a separate Ubuntu computer safer? I can afford both. Just want to know which system is better if you want to protect high-value online assets which people are actively trying to hack.

Exactly how "high value" ?
 

Luke F

Well-known member
#14
The most infectious computer virus is a firmware that adds itself to all your firmware. It doesn't technically do anything, except add 2 lines of code (hello world) and it wasn't ever released in the wild (thankfully). But it was a good example of things to come.... Imagine having to replace all your hardware, because connecting it to something new means infecting hardware with contact.
Literally the only danger of spreading would be in portable hard disks that actually bother to implement firmware updates over USB, and it would be astronomically hard to exploit.
 

SilverCircle

Well-known member
#16
Hi guys,

You have been a huge help! Question, is a VM in a VM safer or a separate Ubuntu computer safer? I can afford both. Just want to know which system is better if you want to protect high-value online assets which people are actively trying to hack.
In that case it's probably better to consult / cooperate with a security expert instead of messing around with stuff you do not really understand, because that can be dangerous. Yes, that can cost you quite *some* $$$, because the really good people don't work for peanuts.
 

Biker

Well-known member
#17
Literally the only danger of spreading would be in portable hard disks that actually bother to implement firmware updates over USB, and it would be astronomically hard to exploit.
Not necessarily. Read up on Icelord and Mebromi. Both infect your BIOS and MBR.
 

Fred Sherman

Well-known member
#18
Don't want to get too deeply into this, but don't think of a virus as a program. Think of a virus as a weapons system. You have delivery and payload. Even the payload can be complex, like a MIRV warhead. The "re-entry vehicle" can be chosen based on an IFDEF conditional in the delivery system, to select it for the proper OS, BIOS, firmware detected.

So yes, not only can a virus in a VM affect the host computer, but also the hypervisor, the BIOS, and other VMs. It can replicate itself via Ethernet or the SAN and affect the entire house, office, and/or datacenter. It can leap to different operating systems. It all depends on the sophistication of the virus. And with many countries actively engaging in cyberwarfare, viruses are becoming increasingly sophisticated.
 

=MGN=RedEagle

Well-known member
#19
Don't want to get too deeply into this, but don't think of a virus as a program. Think of a virus as a weapons system. You have delivery and payload. Even the payload can be complex, like a MIRV warhead. The "re-entry vehicle" can be chosen based on an IFDEF conditional in the delivery system, to select it for the proper OS, BIOS, firmware detected.

So yes, not only can a virus in a VM affect the host computer, but also the hypervisor, the BIOS, and other VMs. It can replicate itself via Ethernet or the SAN and affect the entire house, office, and/or datacenter. It can leap to different operating systems. It all depends on the sophistication of the virus. And with many countries actively engaging in cyberwarfare, viruses are becoming increasingly sophisticated.
Do you know if they can jump via a wireless router to different computers within the same house?